MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, criminology computing and information security in general, always from a perspective closely related to the field of intelligence.

5.2.09

Exploiting vulnerabilities in different file formats has become a commonplace and heavily used method for the creators and distributors of malware. These methods, combined with other strategies, become a time bomb that is detonated by the simple act of visiting a page that has been maliciously manipulated to host these attacks. Numerous cases exploiting weaknesses through .js, .swf, .pdf and .mp3 files, and even files pretending to be .css, show that any file type can be used as a propagation channel, and even more so as an infection vector.

In recent weeks, a wave of .js files has been used to redirect victims to the download of malicious code through obfuscated scripts hidden in the body of the JavaScript, like the following one, hosted at the URL http://www710sese.cn/a1/realdadong.js, whose MD5 hash is d1094b907dfe99784b206d2ae9b1fe97:

The point is that, among the lines of this obfuscated script, code is executed to download a binary file from a different URL, named a1.css so that it appears to be a .css (Cascading Style Sheets) file. This binary is malware.

Furthermore, in the middle of the whole infection process, which lasts only a few seconds, connections are made to txt.hsdee.com and www.wdswe.com. The former performs a Drive-by Update through the file oo.txt: when the server replies with a 200 "OK", the binaries listed in that file are downloaded. The first of them comes from http://www.wdswe.com/new/new1.exe (md5: 1c0b699171f985b1eab092bf83f2ad37).
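The two signals described above, a binary served under a .css name and a plain-text "update" list pointing at .exe downloads, can both be checked from the defender's side. The following is an added example, not code from the original post or from MalwareIntelligence: it sniffs the real content type of a downloaded response from its magic bytes, compares it with the URL extension and declared Content-Type, and extracts executable URLs from an update list. All hostnames, bodies and the update list are constructed sample data, not the real artifacts from the post.

```python
# Added example (not from the original post): flag downloads whose declared
# type (URL extension / Content-Type) does not match their real content, and
# pull executable URLs out of a drive-by "update list". Sample data below is
# constructed; the magic-byte table is the standard one for these formats.
import os
import re
from urllib.parse import urlparse

# Leading bytes that identify a file regardless of its name.
MAGIC = [
    (b"MZ", "pe-executable"),   # Windows PE (DOS stub)
    (b"%PDF", "pdf"),
    (b"FWS", "swf"),            # uncompressed Flash
    (b"CWS", "swf"),            # zlib-compressed Flash
    (b"ZWS", "swf"),            # LZMA-compressed Flash
    (b"ID3", "mp3"),
]

# Extensions that should never carry an executable payload.
TEXT_EXTENSIONS = {".css", ".js", ".txt", ".htm", ".html"}


def sniff_type(data: bytes) -> str:
    """Return a coarse content type derived from magic bytes, not the name."""
    for magic, label in MAGIC:
        if data.startswith(magic):
            return label
    # Purely printable ASCII (plus tabs/newlines) is treated as text.
    if all(32 <= b < 127 or b in b"\t\r\n" for b in data):
        return "text"
    return "unknown"


def classify_download(url: str, content_type: str, body: bytes) -> dict:
    """Compare what the response claims to be with what it actually is."""
    ext = os.path.splitext(urlparse(url).path)[1].lower()
    actual = sniff_type(body)
    suspicious, reason = False, ""
    if actual == "pe-executable" and ext in TEXT_EXTENSIONS:
        suspicious = True
        reason = f"PE binary served under text-like extension {ext}"
    elif actual == "pe-executable" and not content_type.startswith("application/"):
        suspicious = True
        reason = f"PE binary served with Content-Type {content_type}"
    return {
        "url": url,
        "extension": ext,
        "declared": content_type,
        "actual": actual,
        "suspicious": suspicious,
        "reason": reason,
    }


def extract_update_urls(update_list: str) -> list:
    """Return the .exe URLs listed in a plain-text update file (oo.txt style)."""
    return re.findall(r"https?://\S+?\.exe\b", update_list)


def scan(responses) -> list:
    """Classify a batch of (url, content_type, body) tuples."""
    return [classify_download(u, ct, b) for u, ct, b in responses]


# Constructed sample responses (hostnames are placeholders, not the real ones).
SAMPLE_RESPONSES = [
    # A "stylesheet" whose body starts with a PE/DOS header: the a1.css pattern.
    ("http://example.invalid/a1/a1.css", "text/css", b"MZ\x90\x00" + b"\x00" * 60),
    # A genuine stylesheet.
    ("http://example.invalid/style.css", "text/css", b"body { color: red; }"),
    # An honestly declared executable download.
    ("http://update.example.invalid/new/new1.exe", "application/octet-stream", b"MZ\x90\x00" + b"\x00" * 60),
]

# Constructed update list in the style of the oo.txt described above.
SAMPLE_UPDATE_LIST = (
    "http://update.example.invalid/new/new1.exe\n"
    "http://update.example.invalid/new/new2.exe\n"
)

if __name__ == "__main__":
    for finding in scan(SAMPLE_RESPONSES):
        if finding["suspicious"]:
            print("SUSPICIOUS:", finding["url"], "-", finding["reason"])
    print("update list points at:", extract_update_urls(SAMPLE_UPDATE_LIST))
```

In a proxy or sandbox, `classify_download` would be fed the actual responses captured during the page load; the mismatch between a .css name and an MZ header is the cheapest signal that the "stylesheet" is a dropped binary, and the update-list check turns the 200 "OK" reply into a list of URLs worth blocking.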

Despite the advanced infection techniques used by malware creators, there is one fundamental measure that can prevent becoming a victim of attacks like this: keeping the system completely up to date, including its applications.